Working Party on the Protection of Individuals with regard to the Processing of Personal Data

Notes for the closing address by Mr Monti

In thanking Mr Rodotà and his staff for inviting me to this symposium, I would first of all like to take the opportunity of paying tribute to the work of the Garante, the Italian data protection authority, one year after the entry into force of Law No675. Let us not forget that on 24October1995, when the European Directive on the protection of personal data was adopted, Italy and Greece were the only MemberStates of the EuropeanUnion that had not yet adopted a general body of legislation on the topic.

The first annual report which the data protection authority presented to Parliament a few days ago appears to confirm how much such legislation not only complies with the basic principles of civilisation based on law but also meets a genuine need for protection: I read in the report that, in its first short period of intense activity, the authority received 25000 requests for information, 250000 notifications and more than 9000 requests for authorisation to process sensitive data. Over and above these statistics, which are impressive in themselves, I feel it should be stressed that the personal commitment and prestige of the members of the authority have already made it a reference point whose voice is listened to and respected in an area that was in Italy for a long time - and, if I may say so - unaccountably overlooked from a legislative standpoint.

In addition to the authority's work at national level, I should also stress the contribution it has made to the shaping of Community policy within the Working Party set up by Directive95/46/EC, of which MrRodotà was recently appointed Vice-Chairman, in recognition of the reputation he enjoys at international level.

Alongside these well-deserved congratulations for what has already been achieved, I would like to cast a hopeful glance towards the future in my capacity as Member of the EuropeanCommission. I am of course referring to the transposition of Directive95/46 into Italian law, transposition which has been partly anticipated by LawNo675 but in which certain essential aspects are still missing, with only a few months to go before the deadline laid down in the Directive expires. Without wishing to enter, at this time and place, into the details of the legal issues that will have to be resolved between now and 24October, I am anxious nevertheless to stress that the Directive pursues two inseparable objectives: on the one hand, to protect personal data and, on the other hand, to ensure that such data can move freely within the EuropeanUnion. While it cannot be denied that attainment of the first of these objectives is a logical prerequisite for the second one, it is equally true that the achievement of the latter objective, namely free movement, is an essential part of the correct transposition of the Directive. My hope is that in the weeks ahead and using the powers delegated to it for the purpose by Parliament, the Italian Government will be able to complete the national legislative framework in the manner and within the timescale required by Directive95/46. I would assure you that my departments are, as always, ready and willing to assist the Italian authorities in resolving any uncertainties and ensuring that the national rules are in line with the Community instrument.

To return to the specific topic that has been discussed at this symposium, I feel that the organisers' choice of subject was particularly apt, despite the proliferation of meetings and conferences devoted to the Internet in general, for two main reasons.

In the first place, because IT networks constitute a rigorous test-bench for the effective protection of privacy and confidentiality. In saying this I am referring not so much to the applicability of existing rules in the abstract, but rather to the possibility of combating unlawful behaviour in practical terms, given that the Internet knows no geographical boundaries or time constraints, to such an extent that, in the time it takes to draw up a writ or issue an injunction, the illicit activity will already have been relocated to a more tolerant host country. In other words, activities that are unlawful "off-line" will not cease to be unlawful through going "on-line", but it may prove more difficult to protect individuals' rights and safeguard the public interest in such cases since this will make it necessary for solutions to be found promptly to complex issues such as the determination of the competent courts and the law applicable, the enforcement in other countries of decisions taken by the competent authority or the time taken to set up international rogatory commissions and the difficulties they face. This is, furthermore, one of the arguments in favour of having an independent supervisory authority whose task is to ensure compliance with the law and also to assist individual citizens who have become lost in the maze of private international law and international conventions. In this respect, I am convinced that the European model has amply proven its worth. I am well aware that in other legal systems the protection of privacy is solely dependent on the individual's ability to react (by claiming damages), but I cannot help thinking that such systems run the risk of producing two equally plausible, but opposite, results: either excessive litigation, where disputes too often end up in court, with the time and costs this involves for all the parties concerned, or on the contrary a situation where the average citizen gives up trying to assert his rights, deterred by the cost and length of the normal judicial process.

In the second place, while the Internet is a test-bench for the protection of privacy, data protection is in turn a precondition for the development of what has come to be known as electronic commerce. All the market surveys and opinion polls that have been carried out in recent years agree on one point, namely the importance attached by existing and potential users of IT networks to the protection of personal data. Another thing that market surveys have shown is that, as a result of this concern and in the absence of an appropriate legal framework, a large proportion of persons interviewed have been taking their own protective measures, for example by providing personal data that are incorrect, incomplete or even wholly invented. This should provide food for thought for all those who wish to promote a concept of electronic commerce that goes beyond a mere electronic marketing device. Privacy concerns are particularly acute in the UnitedStates, which has not yet adopted any general legislation on the topic at federal level and where it is no coincidence that the proportion of people worried about privacy regularly tops the 70% mark. For example, the most recent survey published by Business Week showed that 78% of users would make greater use of the Internet if the confidentiality of personal data and communications were protected more effectively, and that confidentiality is by far the main concern of persons interviewed, ahead of the issue of connection costs (64% of responses).

I have quoted these findings not out of love for opinion polls but in order to show that the protection of personal data, far from being an obstacle to the development of electronic commerce, is on the contrary a necessary precondition in the eyes of users. Like any other form of trading, electronic commerce involves matching supply and demand, and the concerns voiced on the demand side must be taken on board if electronic commerce is to enjoy genuine and sustainable growth.

This is one of the reasons that led to the adoption of Directive95/46 and it is the position which the Commission is defending in all the international fora where the rules and principles that are to govern electronic commerce are being drawn up. To give a few examples:

• the World Trade Organisation, in which the Commission is proposing that discussions be started with a view to establishing a core of principles that would be binding on a global scale;
• the Organisation for Economic Cooperation and Development, which has decided to place privacy high on the agenda for the forthcoming summit meeting at Ottawa, at which I will be present alongside my colleagues MartinBangemann and SirLeonBrittan;
• the Council of Europe, in the context of which the Commission has successfully coordinated the MemberStates' position with a view to drafting guidelines for the protection of privacy on the Internet.

Naturally, the problem of electronic commerce is not merely confined to the issues surrounding the protection of personal data.

In this connection, I would like to express my satisfaction that this symposium has devoted a specific session to the protection of intellectual property. It is indeed essential to understand clearly the aims pursued by the two types of protection, both of which are intended to safeguard the rights of individuals: protection of intellectual property and protection of personal data.

As far as the former is concerned, the Commission has in the past already recognised the crucial importance of protecting intellectual property in order to create an environment that stimulates creativity and investment, thereby providing the necessary conditions for making the most of the opportunities offered by the single market.

Over the last decade the Commission has been extremely active in establishing a legal framework for intellectual property rights. The five directives already adopted provide a sound legal basis for protecting works distributed in the single market.

These directives reflect our European legal traditions and our cultures.

The protection of intellectual property is set to play an increasingly important role in the information society, in which markets are undergoing a process of rapid change, as witnessed by the fact that the production and added value of goods and services protected by copyright have soared in recent years.

New technologies have also facilitated a further increase in the cross-border exploitation of literary, musical or audiovisual works and other protected matter. This trend, which is undoubtedly bound to continue, makes it necessary to ensure that there is a real single market for goods and services protected by intellectual property rights.

At Community level, the Commission presented on 10December1997 a proposal for a Directive on the harmonisation of certain aspects of copyright and related rights in the information society.

This initiative is of fundamental importance in the new technological environment. Although it originated in the framework of consultations on the single market, the proposal will enable the EuropeanUnion to implement many of its international obligations under the new WIPO treaties adopted on 20December1996.

I wish to stress that the proposal represents a balanced compromise between the intellectual property rights of those providing content (namely the software industry, the sound recording industry, film producers, publishers, etc.) and the perfectly legitimate interests of consumers, users and providers of on-line services.

The discussions that have taken place during this symposium have demonstrated the importance of effective protection of personal data in the new technological context: the proposal for a Directive on copyright takes full account of this need. It is no doubt necessary to raise the market's awareness of the need for compliance with rules on the protection of personal data, and the risk does exist of possible misuse of personal data linked to the development of new technology, but it should be made perfectly clear that any such misuse cannot be considered to have been caused by the proposed Directive on copyright. We therefore reaffirm the importance of maintaining the balance that has been achieved in the proposal.

The proposal has been forwarded to the other European institutions, which have all begun discussing it. I note with satisfaction that the institutions are unanimous in acknowledging the importance of this legislative measure. This common realisation will, I am sure, help to ensure that a genuine single market is created in new goods and services protected by copyright and related rights, in which the fundamental principles of the protection of personal data are observed. With the guarantee of appropriate protection of copyright at European level, which properly reflects cultural diversity and innovation, one of the essential conditions for the success of the information society will be met.

Other conditions need to be met in order to ensure that services can move freely across the Internet, and I would like to concentrate on these in the last part of my talk.

Electronic commerce is set to benefit from the existence of the European single market while at the same time contributing to its success: the size of the single market is much larger than the critical mass necessary for many electronic services to reach break-even point. Furthermore, like electronic commerce, the European single market knows no frontiers. It therefore provides ideal, ready-made foundations on which to base an appropriate regulatory framework.

Our objective is to encourage the development of electronic commerce in Europe. Electronic commerce needs a lightweight, clear, coherent and predictable legislative framework that offers legal certainty for both businesses and consumers, adequately safeguards public-interest objectives and promotes a competitive environment.

It is not necessary to impose new rules, but rather to clarify and adapt existing rules in order to remove legal obstacles and legal uncertainty and promote the development of electronic commerce. This approach, which we might call "enabling" and involves removing the barriers standing in the way of such development, should be highlighted.

Commission staff are looking into a number of questions that are giving rise to legal uncertainty or creating regulatory barriers as a result of disparities between national laws. These questions are holding back the development of electronic commerce and I intend to tackle them in a proposal for a directive, currently in preparation, which will clarify a number of legal concepts at Community level. The questions relate, among other things, to the determination of the place of establishment of service suppliers in the information society, contract law (e.g. the recognition of contracts concluded electronically), commercial communications (e.g. should a commercial Web site be regarded as advertising?), the liability of Internet access and service providers (in particular, indirect liability for the actions of third parties), and certain issues to do with the regulated professions (in particular, whether or not certain services may be provided on-line).

By way of conclusion, I would like to make one last point in reply to the question asked in the title of this symposium: "what regulation?".

There is no doubt that the global nature of the Internet can hardly be reconciled with rules that are applied at purely national level. The rules we have adopted at Community level are, for their part, applied throughout an economic area which already accounts for the largest share of international trade and which is acting as a magnet for the countries seeking to join it: let us not forget that the Community will, when enlarged, form a market of over half a billion people.

Admittedly, we do not yet have a body of rules that are applicable world-wide, as would perhaps be desirable for the global information society. But the common rules that we do have constitute historically the first and only example of voluntary legal integration between sovereign States (history offers other examples of integration, but those were carried out by force of arms). In my view, the globalisation of trade symbolised by the Internet gives grounds for hoping that the Community model could serve as an example for a wider geographical area.

Lastly, the existence of a body of common rules greatly strengthens the negotiating position of the European countries in international fora, a fact which is in my opinion worth mentioning.

Thank you for your attention.